Open Source Deep Packet Inspection Software Toolkit

american fuzzy lop - a security-oriented fuzzer

🐛 Access your device from anywhere via the web.

MemProcFS

State-of-the-art native debugging tools

Simple (relatively) things allowing you to dig a bit deeper than usual.

A Linux version of the ProcDump Sysinternals tool

Rapid spam filtering system.

Kernel Driver Utility

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

A post exploitation framework designed to operate covertly on heavily monitored environments

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

The swiss army knife of LSASS dumping

Sysmon for Linux

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.

LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquir…

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

Connect like there is no firewall. Securely.

A network sniffer that logs all DNS server replies for use in a passive DNS setup

SSH man-in-the-middle tool

Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.

Post Exploitation Collection

A tool to kill antimalware protected processes

Windows Privilege Escalation from User to Domain Admin.