ColdFire : Golang Malware Development Library
ColdFire provides various methods useful for malware development in Golang. Most functions are compatible with both Linux and Windows operating systems. Installation: go get github.com/redcode-labs/ColdFire. Types Of Functions Included: Logging, Auxiliary, Reconnaissance, Evasion, Administration, Sandbox detection, Disruptive. Documentation: Logging Functions: func F(s string, arg ...interface{}) string: Alias for fmt.Sprintf; func PrintGood(msg string): Print good status message; func PrintInfo(msg string): Print info status message; func PrintError(msg string): Print error status message; func PrintWarning(msg string): Print warning status message. Auxiliary...
Neurax : A Framework For Constructing Self-Spreading Binaries
Neurax is a framework that aids in the creation of self-spreading software. Requirements: go get -u github.com/redcode-labs/Coldfire and go get -u github.com/yelinaung/go-haikunator. New in v. 2.0: New wordlist mutators + common passwords by country; Improvised passive scanning; FastScan option that makes active scans a bit quicker; Wordlists are created strictly in-memory; NeuraxScan() accepts a callback function instead of a channel as an argument; NeuraxScan() scans in an infinite loop with the possibility to set an interval between each...
Nebula : Cloud C2 Framework, Which At The Moment Offers Reconnaissance, Enumeration, Exploitation, Post Exploitation On AWS
Nebula is a Cloud and (hopefully) DevOps Penetration Testing framework. It is built with modules for each provider and each functionality. As of April 2021, it only covers AWS, but it is an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or automation engines like Ansible, Terraform, Chef, etc. Currently covers: S3 Bucket name bruteforce, IAM,...
Bn-Uefi-Helper : Helper Plugin For Analyzing UEFI Firmware
Bn-Uefi-Helper is a helper plugin for analyzing UEFI firmware. This plugin contains the following features: Apply the correct prototype to the entry point function; Fix segments so all segments are RWX and have the correct semantics (this allows for global function pointers to be rendered correctly); Apply types for core UEFI services (from EDK-II); Locate known protocol GUIDs and assign the GUID...
Penglab : Abuse Of Google Colab For Cracking Hashes
Penglab is a ready-to-install setup on Google Colab for cracking hashes with incredible power, really useful for CTFs. It installs by default: Hashcat, John, Hydra, SSH (with ngrok). And now, it can also: Launch an integrated shell; Download the wordlists Rockyou and HashesOrg2019 quickly! You only need a Google Account to use Google Colab, and to use ngrok for SSH. How To Use It? Go on...
RedWarden : Flexible CobaltStrike Malleable Redirector
The red teaming business has seen several great ideas on how to combat incident responders and misdirect them while offering a resistant network of C2 redirectors at the same time. This work combines many of those great ideas into one lightweight utility, mimicking Apache2 in its roots of being a simple HTTP(S) reverse-proxy. Combining an understanding of Malleable C2 profiles, knowledge of a pool of bad IP addresses and a...
Kaiju : A Binary Analysis Framework Extension For The Ghidra Software Reverse Engineering Suite
CERT Kaiju is a collection of binary analysis tools for Ghidra. This is a Ghidra/Java implementation of some features of the CERT Pharos Binary Analysis Framework, particularly the function hashing and malware analysis tools, but is expected to grow new tools and capabilities over time. As this is a new effort, this implementation does not yet have full feature parity with the...
Link : A Command And Control Framework Written In Rust
Link provides MacOS, Linux and Windows implants which may lack the necessary evasive tradecraft provided by other more mature command and control frameworks. Tested on Linux only. Features: Hopefully this list expands for humans to actually want to use this: HTTPS communication; Process injection; In-memory .NET assembly execution; SharpCollection tools; sRDI implementation for shellcode generation; Windows link reloads DLLs from disk into current process. Build Process: Clone or download the...
Caronte : A Tool To Analyze The Network Flow During Attack/Defence Capture The Flag Competitions
Caronte is a tool to analyze the network flow during capture the flag events of type attack/defence. It reassembles TCP packets captured in pcap files to rebuild TCP connections, and analyzes each connection to find user-defined patterns. The patterns can be defined as regex or using protocol specific rules. The connection flows are saved into a database and can...
Metarget : Framework Providing Automatic Constructions Of Vulnerable Infrastructures
Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically. Why Metarget? During security research, we might find that the deployment of a vulnerable environment often takes much time, while the time spent on testing PoC or ExP is comparatively short. In the field of cloud native security, thanks...