The Havoc Framework

CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications

SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s …

Next Generation C2 Framework

TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of t…

This is a novel technique that leverages the well-known Device Code phishing approach. It dynamically initiates the flow when the victim opens the phishing link and instantly redirects them to the …

A lightweight redirector for Google Cloud Run, enabling domain fronting via Google-owned infrastructure.

Lurker is a cross-platform, companion implant to Cobalt Strike built with Go