Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
caf8607f90c09b613a5acce793a6ee44c801f19df790ef5d3d0d2b6adb7b2ef9
AESshell is a backconnect shell for Windows and Unix written in python and uses AES in CBC mode in conjunction with HMAC-SHA256 for secure transport. Written in python but also includes a Windows binary.
b8a137308d0d953152da794073389bc6abb15be5bc89f85eb493f1ec3b0b236e
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
75029b8d4d531fbdfff18bd0e3ee54ea38df3769050cbdc44c4ce4d02f4960f1
This bot code was liberated from the Lizard Squad.
1af299a269ffdb4461e181ca774fc307a592288ad4b3f6b93226c955eb9b8084
This is a simple script to infect images with PHP Backdoors for local file inclusion attacks.
2417fa7ba59a45f47d8610a1495111a59f039bd586605208288ef92ac36d8906
Xingyiquan rootkit for Linux kernel versions 2.6.x and 3.x. It hides processes, files, directories, processes, network connections, adds backdoors, and more.
c3816e8c416c9c40735117ccf83f8351a2162575c9b07aadde2d98735b710d92
bl0wsshd00r backdoors OpenSSH 6.7p1 with a magic password for any user, sniffs and records traffic, and mitigates logging to lastlog/wtmp/utmp.
17bb28d0c4a3e2058cf728936b45586915c671f6cadd0920f2e695332adabeb7
PoisonShell is a simple PHP shell that has several options.
1177aa0f4865f3d1e5e984496bebd9fb296ac647af1d140d40bd1a04998ca97a
wtmpClean is a tool for Unix which clears a given user from the wtmp database.
10f1c941b82e5c32941825b7f59e6704592032f477faeac4c08b3c40729717cb
Chkrootkit checks locally for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.
9548fc922b0cb8ddf055faff4a4887f140a31c45f2f5e3aa64aad91ecfa56cc7
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
789cc84a21faf669da81e648eead2e62654cfbe0b2d927119d8b1e55b22b65c3
Azazel is a userland rootkit written in C based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features include log cleaning, pcap subversion, and more.
ec98508fc4cdf0112e94528e07c54147f753faa6a4210d9ea336d8c58a2140de
wtmpClean is a tool for Unix which clears a given user from the wtmp database.
1e123dcaf681799dd910481339b5c9c5af25e91925706c616b8b98668460f766
Web-Spa is a Java web knocking tool for sending a single HTTP/S request to your web server in order to authorize the execution of a premeditated operating system (O/S) command on it.
a947eaea9219435522452e5998b2815a6bc802c2c9c0ccc0d1d38e524c6b022e
This code was written to perform auto-installation of the Bash 3.0 shell sniffer tool.
0db5bc9774ba0b32ffa49115373f366cf35e5d084ff60d03694a15a033162885
This code is a shell sniffer that logs keystrokes for bash 3.0.
9b35fdfae427711f593e60b66dab25db64fbb15c2814f7d9219d9aed5f0ee9e0
This is a PHP shell that provides the ability to connect back, grab files, perform exploit searches for local roots and compile and run them, and much more.
9a58a31ca500190b10953b45211f622c7f926cd4e939781b4f99fae0213fad96
This code is a backdoor for nginx. It provides remote shell access, SOCKS5 tunneling, and HTTP password sniffing and logging.
8f754357b61c73fe20efc8dd28b52d222feb812bbaf36bebdfee47e30d0ddfb1
This is a simple PHP web shell backdoor.
aaad39e328e8da519232f1d7feb60cfd3c991f2aa486739cdba8df7d746a8994
This is a reverse shell over SCTP implemented in Python. Currently it does not use SSL, but may evade most firewalls and IDS devices as many of them seemingly have no rules in place to check SCTP traffic.
6743f69ce173275310d5f2ffe1d1a49e6786c7abd202da271f4e6f25bd156590
This is a simple PHP backdoor using HTTP headers to inject the code as opposed to a GET or POST variable. Uses the fictional "Code: " header as an example, for learning purposes. This is not production code.
397d3f851a08bef7d13138eedf2b87ab8e732b35f14514f58a2162c103188aab
Hackersh ("Hacker Shell") is a free and open source shell (command interpreter) written in Python with built-in security commands, and out-of-the-box wrappers for various security tools, using Pythonect as its scripting engine. Pythonect is a new, experimental, general-purpose high-level dataflow programming language based on Python. It aims to combine the intuitive feel of shell scripting (and all of its perks like implicit parallelism) with the flexibility and agility of Python.
c188aaa57fe58d3d722bde76e26f37d182dad24c2a123c3691f08b71d8849d85
Usernamer is a penetration testing tool to generate a list of possible usernames/logins (ex: John Doe Doeson) for user enumeration or bruteforcing. This tool also supports text-files with one name per line as input.
75f2d3ac161fa0569232e5ce8b802ea530d7b3e34e503645d5c1cf8301c9a8ec
PHPkit is a simple PHP based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include().
9ae6f1db9ff8c94146491368c999d0b4d6a0a9cfe7316a6f72a899025250bf36
This is a simple utility for exploiting command injection vulnerabilities in web applications. Supports POST and GET requests. Can deliver an "inline shell" or a (python) reverse shell.
2c82dcde1a7835fac49946c2d7c022271f0105c0e8c280133632994e909508cd