SharpSploit
A comprehensive .NET post-exploitation library designed for advanced security testing.
Often times a corporate internal network is heavily locked down. Workstations are restricted with limited internet access. These controls are often less strict on mobile devices (or sometimes not present), especially with BYOD being implemented more and more. While phishing, Apache access logs often show mobile devices accessing the malicious page, yet no sessions are established. I investigated a number of ways to solve the problem and ultimately landed on using Apache’s Rewrite module. The more I learned about mod_rewrite’s abilities, the more benefit I saw in using Apache redirectors for phishing. This post is the first in a series of posts about solving common problems that plague phishing including users visiting a malicious website on their mobile device, users visiting non-existent resources on our fake domains, serving OS-specific payloads, slowing incident responders’ investigations, expiring phishing links, and changing payloads on the fly. The post series is intended to introduce you to using Apache as a phishing redirector and using it to solve common phishing problems, and will hopefully pique your interest into learning more about what Apache can do for your phishing.
A comprehensive .NET post-exploitation library designed for advanced security testing.
Modular framework for web services penetration testing with support for various attacks.
A standard for conducting penetration tests, covering seven main sections from planning to reporting.
A tool for managing multiple reverse shell sessions/clients via terminal with a RESTful API.
Cutting-edge open-source security tools for adversary simulation and threat hunting.
A tool for testing Cross Site Scripting vulnerabilities