Merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang for efficient and secure communication.
DET (is provided AS IS), is a proof of concept to perform Data Exfiltration using either single or multiple channel(s) at the same time. The idea was to create a generic toolkit to plug any kind of protocol/service to test implmented Network Monitoring and Data Leakage Prevention (DLP) solutions configuration, against different data exfiltration techniques. Slides DET has been presented at BSides Ljubljana on the 9th of March 2016 and the slides will be available here. Slides are available here. Example usage (ICMP plugin) Server-side: Client-side: Usage while combining two channels (Gmail/Twitter) Server-side: Client-side: Installation Clone the repo: git clone https://github.com/PaulSec/DET.git Then: pip install -r requirements.txt --user Configuration In order to use DET, you will need to configure it and add your proper settings (eg. SMTP/IMAP, AES256 encryption passphrase, proxies and so on). A configuration example file has been provided and is called: config-sample.json { "plugins": { "http": { "target": "192.168.0.12", "port": 8080, "proxies": ["192.168.0.13", "192.168.0.14"] }, "google_docs": { "target": "conchwaiter.uk.plak.cc"
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang for efficient and secure communication.
A tool for security researchers and penetration testers to automate the process of finding sensitive information on a target domain.
Using Apache mod_rewrite rules to rewrite incident responder or security appliance requests to an innocuous website or the target's real website.
GraphSpy is a token management tool that allows users to store and manage access and refresh tokens for multiple users and scopes in one location.
Metta is an information security preparedness tool for adversarial simulation.
A collection of precompiled Windows exploits for privilege escalation.