- Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
- Out of the Browser into the Fire - Cross platform XSS worm framework.
- A DNS connectback shell. Think sqlmap meets xsshunter - but looking for (blind/nonblind) RCE to get a DNS connectback shell.
- This is a portable version of the source code running on https://xsshunter.com. It is designed to be easily-installable on any server for security professionals and bug bounty hunters who wish to test for XSS in a much more powerful way.
- Correlated injection proxy tool for XSS Hunter.
- Simplify HTTP Comand Injection.
[http://www.xss-payloads.com/index.html](XSS Payloads)
- A site with over 50 different payloads, tools, doc and help presented with great categorization.
- A framework that allows users to generate payloads and control remote machines.
- RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent.
- An easy tool to generate backdoor and easy tool to post exploitation attack like browser attack,dll . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV software protection.
Luckystrike: An Evil Office Document Generator
- Fileless Extraction of Sensitive Browser Information with PowerShell.
- A powershell script that allows for the decryption of passwords (and other items) stored within a Thycotic Secret Server installation. Two methods are exposed, Invoke-SecretDecrypt and Invoke-SecretStealer.
AntiVirus Evasion Reconstructed – Veil 3.0
Attacking Microsoft Office & OpenOffice with Metasploit Macro Exploits
- This script will generate payloads for basic intrusion detection avoidance. It utilizes publicly demonstrated techniques from several different sources.