EvilClippy is a cross-platform tool that helps create malicious MS Office documents. It can hide VBA macros, stomp VBA code (via P-Code), and confuse macro analysis tools. It runs on Linux, OSX, and Windows. The tool is useful for penetration testers and red teamers who want to create realistic phishing attacks or test an organization's defenses against malicious Office documents.
SIMILAR TOOLS
Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
AzureC2Relay enhances security by validating and relaying Cobalt Strike beacon traffic through Azure Functions.
Generates randomized C2 profiles for Cobalt Strike to evade detection.
SharpEDRChecker scans system components to detect security products and tools.
C3 is a framework for creating custom C2 channels, integrating with existing offensive toolkits.
A CVE-compliant archive of public exploits and corresponding vulnerable software, and a categorized index of Internet search engine queries designed to uncover sensitive information.
Interactive online malware sandbox for real-time analysis and threat intelligence.
SauronEye helps in identifying files containing sensitive data such as passwords through targeted directory searches.