Threat Express (threatexpress)

Home Page: http://threatexpress.com

Threat Express's repositories

malleable-c2

Cobalt Strike Malleable C2 Design and Reference Guide

domainhunter

Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names

Language: Python | License: BSD-3-Clause | Stargazers: 1502 | Issues: 60 | Issues: 25

red-team-scripts

A collection of Red Team focused tools, scripts, and notes

Language: PowerShell | License: BSD-3-Clause | Stargazers: 1104 | Issues: 53 | Issues: 1

random_c2_profile

Cobalt Strike random C2 Profile generator

Language: Python | License: GPL-3.0 | Stargazers: 615 | Issues: 13 | Issues: 6

cs2modrewrite

Convert Cobalt Strike profiles to modrewrite scripts

Language: Python | License: GPL-3.0 | Stargazers: 574 | Issues: 20 | Issues: 4

metatwin

The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another.

Language: Python | License: NOASSERTION | Stargazers: 165 | Issues: 11 | Issues: 1

aggressor-scripts

Cobalt Strike Aggressor Scripts

Language: JavaScript | Stargazers: 138 | Issues: 6 | Issues: 0

pasties

A collection of random bits of information common to many individual penetration tests, red teams, and other assessments

Language: Shell | Stargazers: 107 | Issues: 9 | Issues: 0

subshell

SubShell is a Python command shell used to control and execute commands through HTTP requests to a webshell. SubShell acts as the interface to the remote webshells.

Language: Python | License: NOASSERTION | Stargazers: 73 | Issues: 7 | Issues: 0

threatbox

ThreatBox is a standard and controlled Linux-based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of Ansible playbooks. Why Ansible? Why not? This seemed a natural evolution.

invoke-pipeshell

SMB Named Pipe shell

Language: PowerShell | Stargazers: 63 | Issues: 3 | Issues: 0

portplow

PortPlow is a distributed port and system scanning & enumeration service. It enables the quick and automated enumeration of ports and services from multiple systems managed by a central console.

Language: JavaScript | Stargazers: 53 | Issues: 4 | Issues: 0

edc

Event Data Collector

Language: Python | License: MIT | Stargazers: 34 | Issues: 3 | Issues: 0

mythic2modrewrite

Generate Apache mod_rewrite rules for Mythic C2 profiles

Language: Python | License: MIT | Stargazers: 26 | Issues: 2 | Issues: 0

threat-mitigation

Threat Mitigation Strategies

procdot_sandbox

ProcDot Malware Sandbox

Language: Python | Stargazers: 21 | Issues: 4 | Issues: 0

cobaltstrike_payload_generator

Quickly generate every payload type for each listener and optionally host via HTTP.

redteamguide

Home of https://redteam.guide

Language: JavaScript | Stargazers: 11 | Issues: 1 | Issues: 0