Threat Express

All

22 repositories

threat-mitigation
Public
Threat Mitigation Strategies
9•26•0•0•Updated Aug 18, 2025Aug 18, 2025
procdot_sandbox
Public
ProcDot Malware Sandbox
Python
•
MIT License
•6•25•0•0•Updated Jul 28, 2025Jul 28, 2025
edc
Public
Event Data Collector
Python
•
MIT License
•6•39•0•7•Updated Jul 9, 2025Jul 9, 2025
threatexpress
Public
HTML
•4•12•0•0•Updated Apr 6, 2025Apr 6, 2025
portplow
Public
PortPlow is a distributed port and system scanning & enumeration service. It enables the quick and automated enumeration of ports and services from multiple systems managed by a central console.
JavaScript
•
MIT License
•10•55•0•0•Updated Nov 19, 2024Nov 19, 2024
threatbox
Public
ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of ansible playbooks. Why Ansible? Why not? This seemed a natural evolution.
Smarty
•
MIT License
•15•75•1•0•Updated Nov 19, 2024Nov 19, 2024
pasties
Public
A collection of random bits of information common to many individual penetration tests, red teams, and other assessments
Shell
•
MIT License
•32•111•0•0•Updated Nov 19, 2024Nov 19, 2024
aggressor-scripts
Public
Cobalt Strike Aggressor Scripts
JavaScript
•
MIT License
•19•143•0•0•Updated Nov 19, 2024Nov 19, 2024
metatwin
Public
The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another.
HTML
•
MIT License
•74•355•2•1•Updated Nov 19, 2024Nov 19, 2024
red-team-scripts
Public
A collection of Red Team focused tools, scripts, and notes
PowerShell
•
MIT License
•196•1.1k•0•0•Updated Nov 19, 2024Nov 19, 2024
invoke-pipeshell
Public
SMB Named Pipe shell
PowerShell
•
The Unlicense
•12•69•0•0•Updated Nov 19, 2024Nov 19, 2024
persistence-aggressor-script
Public
initial commit
The Unlicense
•58•44•0•0•Updated Nov 19, 2024Nov 19, 2024
domainhunter
Public
Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
Python
•
BSD 3-Clause "New" or "Revised" License
•293•1.6k•7•2•Updated Jun 6, 2024Jun 6, 2024
malleable-c2
Public
Cobalt Strike Malleable C2 Design and Reference Guide
GNU General Public License v3.0
•301•1.7k•2•1•Updated Dec 13, 2023Dec 13, 2023
cs2modrewrite
Public
Convert Cobalt Strike profiles to modrewrite scripts
Python
•
GNU General Public License v3.0
•118•608•1•2•Updated Jan 30, 2023Jan 30, 2023
random_c2_profile
Public
Cobalt Strike random C2 Profile generator
Python
•
GNU General Public License v3.0
•88•676•0•0•Updated Jan 5, 2023Jan 5, 2023
redteamguide
Public
Home of https://redteam.guide
JavaScript
•7•14•0•0•Updated Sep 19, 2022Sep 19, 2022
cobaltstrike_payload_generator
Public
Quickly generate every payload type for each listener and optionally host via HTTP.
3•22•0•0•Updated Aug 23, 2021Aug 23, 2021
mythic2modrewrite
Public
Generate Apache mod_rewrite rules for Mythic C2 profiles
Python
•
MIT License
•4•35•0•0•Updated Jul 22, 2021Jul 22, 2021
tools
Public
Tools
0•1•0•0•Updated Jun 29, 2018Jun 29, 2018
tinyshell
Public
Python
•
Other
•37•172•1•0•Updated Jan 31, 2018Jan 31, 2018
subshell
Public
SubShell is a python command shell used to control and execute commands through HTTP requests to a webshell. SubShell acts as the interface to the remote webshells.
Python
•
Other
•15•75•0•0•Updated Nov 6, 2016Nov 6, 2016