Havoc
Havoc is a modern and malleable post-exploitation command and control framework that provides a client-server architecture with a cross-platform UI, teamserver, and demon agent, offering features such as payload generation, customizable C2 profiles, and extensibility through external C2 and custom agents. It supports multiple platforms including Debian, Ubuntu, and Kali Linux, and requires a modern version of Qt and Python 3.10.x. The framework is still in an early state of release and breaking changes may be made to APIs/core structures as it matures.
FEATURES
ALTERNATIVES
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
BeEF is a specialized penetration testing tool for exploiting web browser vulnerabilities to assess security.
A comprehensive .NET post-exploitation library designed for advanced security testing.
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
AEM (Adobe Experience Manager) Hacker is a tool designed to help security researchers and penetration testers identify and exploit vulnerabilities in AEM-based systems.
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool powered by Shodan.
A VM for mobile application security testing, Android and iOS applications, with custom-made tools and scripts.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.